FreeBSD Man Pages

PAM_EXEC(8) FreeBSD System Manager's Manual PAM_EXEC(8)
NAMEpam_exec -- Exec PAM module
SYNOPSIS
[service-name] module-typecontrol-flagpam_exec [arguments]
DESCRIPTION
The exec service module for PAM executes the program designated by its
first argument if no options are specified, with its remaining arguments
as command-line arguments. If options are specified, the program and its
arguments follow the last option or -- if the program name conflicts with
an option name.
The following options may be passed before the program and its arguments:
return_prog_exit_status Use the program exit status as the return code
of the pam_sm_* function. It must be a valid
return value for this function.
-- Stop options parsing; program and its arguments
follow.
The child's environment is set to the current PAM environment list, as
returned by pam_getenvlist(3). In addition, the following PAM items are
exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE,
PAM_SM_FUNC, PAM_TTY and PAM_USER.
The PAM_SM_FUNC variable contains the name of the PAM service module
function being called. It may be:
- pam_sm_acct_mgmt
- pam_sm_authenticate
- pam_sm_chauthtok
- pam_sm_close_session
- pam_sm_open_session
- pam_sm_setcred
If return_prog_exit_status is not set (default), the PAM_SM_FUNC function
returns PAM_SUCCESS if the program exit status is 0, PAM_PERM_DENIED oth-
erwise.
If return_prog_exit_status is set, the program exit status is used. It
should be PAM_SUCCESS or one of the error codes allowed by the calling
PAM_SM_FUNC function. The valid codes are documented in each function
man page. If the exit status is not a valid return code, PAM_SERVICE_ERR
is returned. Each valid codes numerical value is available as an envi-
ronment variable (eg. PAM_SUCESS, PAM_USER_UNKNOWN, etc). This is useful
in shell scripts for instance.
SEE ALSOpam_get_item(3), pam.conf(5), pam(8), pam_sm_acct_mgmt(8),
pam_sm_authenticate(8), pam_sm_chauthtok(8), pam_sm_close_session(8),
pam_sm_open_session(8), pam_sm_setcred(8)AUTHORS
The pam_exec module and this manual page were developed for the FreeBSD
Project by ThinkSec AS and NAI Labs, the Security Research Division of
Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
(``CBOSS''), as part of the DARPA CHATS research program.
FreeBSD 10.2 February 8, 2012 FreeBSD 10.2